WannaCry and XP

Microsoft stopped the support for XP, but for WannaCry attack they made exclusion:

 

If you have too many XP as a pos stations you can use registry hack to enable again Windows Update for extra 5 years.

 

 … Read the rest

If you need temporary VPS hosting (for testing, for development and so on)

Sometimes temporary, moreover free VPS hosing for 1 year is great and generous opportunity. Usually it’s very handy for testing (for example to install linux, configure lamp, wordpress, 2fa, freeSSL, plugins and so on ), web development, personal blogs, short-term projects like election events and so on.

Amazon Web service suggests it for whole 1 year. Just be VERY careful to not trespass limits of free tier (for example AWS automatically has done EBS snapshots during import of my vmware ova to AWS AMI and later on to free tier instance — although 09 cents were generously forgiven by AWS … Read the rest

Free ComodoSSL, free “Let’s encrypt” certificates

Strange that the main national domain registrar (http://manage.datacom.mn) yet don’t use SSL for own management console. Mobinet, national cloud provider even don’t have DNS registration for own services asking to create hosts file records for vps-mgnt.mobinet.mn. Mobinet who resells Comodo SSL doesn’t have valid SSL for https://vps-mgnt.mobinet.mn/ (and looks like self-signed SSL is created to conflict with vmware cert namespace).

SSL providers suggest DNS (email) validation for certificate CSR, so vulnerable web DNS manager (not protected by SSL) can compromise issued SSL certs and finally web sites with online banking, payment systems and so on. I suggest for

Read the rest

Facts about Active Directory to help understand it and properly use.

  1. AD is the basement/heart/glue for all Microsoft (and not only Microsoft) server products. Almost any Microsoft solution is based on AD as a prerequisite. Therefore it’s common misunderstanding and misuse that AD is considered only as side effect (or even as lesser unavoidable evil :)) of implementation of other Microsoft systems like MS Dynamics NAV, Exchange, Lync, Sharepoint. It means you cannot install Exchange without pre-installation and pre-configuration of AD. As a result of a such wrong approach to AD many companies don’t use Active Directory appropriately, some of them completely don’t understand what is the main role of AD
Read the rest

iMac and macbooks in Windows environment, why you better integrate them.

The main reason why you need to limit end-users on Windows and Mac computers is the same – much longer periods of stable, guaranteed work with less maintenance overheads.

Recently i see more and more companies which ignores that principle. Mindlessly MacOS is considered as more stable and protected by default without any needs in extra efforts. But if you don’t deprive end-user rights for full system configuration as you do for Windows computers you can get really bad problems. The most unpleasant one is when you got a blocked computer with unknown EFI firmware password. On modern models of

Read the rest

Protect your linkedin, facebook, gmail, microsoft, dropbox and other accounts by 2fa.

Have you ever lost access to your linkedin, microsoft, skype, yahoo, twitter, facebook IDs? Do you know what pain is it to restore access? If the answer is yes, then you know what i mean. #2fa is what you need.

There are a lot of hardware and software keyloggers to steal your credentials (username and password). In this article i am going to give you some initial recommendations how to protect your internet accounts.

The most widespread type is surely software keyloggers inside various viruses and other malware, so good antivirus is first defensive line. Just don’t relax too early, … Read the rest

GAL/Global Address List without Exchange

One of the most useful features of Lotus, Exchange and so on is Global Address Directory which can be centrally maintained by IT team or delegated HR user .  GAL makes company email, phone contacts lists more adequate, freshly updated and as result more trustworthy, with less mistakes unlike manually updated on each user Outlook (after regular mass email with updated contacts for everybody in organization. Such multiple updates finally completely mess up all contacts, multiple NDR and returned email)

Advantages of GAL:

  1. new employee immediately has access to the latest updated company contacts
  2. no need manually for each user
Read the rest

Obvious, but neglected. How and why it’s important to properly configure your Outlook?

 

It’s very common that business users experience multiple issues with own company email addresses and mailboxes.

The basic recommendation is :

1. stop using ISP public smtp relays like smtp.univision.mn and so on (use only own mail hosting smtp servers)

2. stop using non-SSL or non-TSL connection for email (plaintext credentials can be easily intercepted, later misused or used for spam, or to discredit you, blackmail you, steal your correspondence, ransomware)

3. if your mail hosting (something like “anyone@magicnet.mn”) doesn’t like provide smtp server then you should configure your Outlook to use credential for other your mailbox, for example

Read the rest

Specifics of IT security in Mongolia

I want to address this post to my IT collegues. Last years in all my IT trainings i try to attract attention to lopsided approach to IT security in our country. In my opinion the most of us try to embrace as much as possible new IT technologies without at least understanding of basic classic conceptions. Almost all new solutions ignore and sacrifice security aspects for functionality. For example i don’t know any homebred business solution which supports Microsoft Active Directory integration, each solution uses own database user list, no windows logins (at least as an option if requested). Without … Read the rest